SECURE AND AUDITABLE ON-LINE SYSTEM

FIELD OF INVENTION

The present invention relates to generation of security and audit ability in an on-line
system, such as an instant ticket lottery, a code generation system, an encryption system,
or a money transfer system. More particularly, the present invention relates to secure
management of an on-line system, in particular an on-line ticket lottery.

BACKGROUND OF THE INVENTION

Modern communication networks such as the Internet, Wide Area Networks (WANs) and
Local Area Networks (LANs) have proven to be enormously efficient means of organizing
and distributing digital data. This has resulted in a widespread use of these networks for
business, entertainment and personal applications. The Internet is now a common network
for performing electronic commerce, banking and electronic mail transactions, as well as
being widely used for academic purposes, providing information and gaming and betting
activities.

The traditional gaming and betting systems have been based on direct interaction in a
common physical location, such as casinos, bingo halls, and sports betting halls and buying
physical lottery tickets. The Internet, however, offers a solution for those who cannot visit
the physical locations for some reason, such as hospitalised individuals, or people with
impaired mobility due to a handicap, or for people living in remote areas far away from
traditional gaming and betting facilities.

Ticket lottery games are popular sources of revenue for governmental bodies and
charitable organizations, being either a scratch-off or pull-tab game with a
number of pre-printed tickets. A lottery ticket comprises a printed result indicator,
indicating whether or not a particular ticket is a winning ticket and, if so, the nature of the
winning. Several electronic lottery games have been implemented through computer-based
systems. US 5,324,035 incorporates all information required to define a game play
into a video lottery system, including data for various graphic symbols to be displayed to
the player through the player terminal. This arrangement results in relatively large
amounts of data having to be transferred to the player terminal for each game play.

US 4,494,197 discloses a method for wagering, which utilizes a counter register and
winning ticket table situated in a central processor unit. Upon a request from a player
terminal the value in the counter register is incremented and then the winning ticket table
is queried to determine if the resulting count corresponds to a winning electronic ticket.
The central processor then sends back to the player terminal a packet of information
including a winning or losing code as appropriate. The winning code includes the amount
won on the play.



US 4,842,278 describes the interconnection of two or more state lottery games into a
national game. This lottery is a betting game wherein the winning odds are calculated
based upon an input from the player throughout the entire region, and not just from a
single state. Payoffs are provided according to a total amount wagered and the number of
winning bettors, somewhat like a pari-mutuel system.

US 5,158,293 describes another multiple level game, in the sense that players may be
sequentially eligible for different prizes or payoffs during the course of play. However, this
document makes no mention of any different wagering denominations by different groups
of bettors, and resulting different pools and accordingly different prizes or payoffs. In US
6,017,032 is disclosed a lottery game and method of play, in which provision is made for
wagers at different denominational levels. Each wager of a given denominational level is
placed in a separate jackpot pool, with the winner or winners paid
from that pool. All wagers of all denominations pass through a central controller or agency,
where they are distributed to the appropriate pool or pool fraction or portion.

The use of true random number generators (TRNG), to deliver so-called true or
non-deterministic random numbers, is well known per se in the art. Such devices use a
low-frequency oscillator and a high-frequency oscillator, and are, e.g., disclosed in US
4,641,102; US 5,781,458 and US 6,061,702. In another document, methods of generating
true random numbers using components normally available on personal computers are
described (US 2003037079). The method includes generating true random number
sequences of calculable entropy content. The entropy is derived from a random noise
component, or transition jitter, in one or both of a low- and a high-frequency signal source
that are coupled to a processor for producing the random numbers. The high-frequency
signal source includes a frequency multiplier that significantly increases the size of the
noise component in the high-frequency signal. This will allow for rapid production of true
random numbers of known, high quality.

SUMMARY OF THE INVENTION

It is an object of the present invention to provide an on-line system, which may be
managed in a secure manner.

It is a further object of the present invention to provide an on-line system, which is
sufficiently secure to meet the demands of, e.g., instant ticket lotteries.

It is an even further object of the present invention to provide an on-line system having
limited access in order to obtain a secure and controllable management of the system.

It is an even further object of the present invention to provide a method for managing
such an on-line system in a secure manner.

It is an even further object of the present invention to provide a method for managing
such an on-line system in a controllable manner.

It is an even further object of the present invention to provide a device for managing such
an on-line system in a secure manner.

It is an even further object of the present invention to provide a device for managing such
an on-line system in a controllable manner.

According to a first aspect of the present invention the above and other objects are
obtained by providing a method of obtaining security and audit ability in an on-line system,
the method comprising the steps of:

- generating a random number by means of a random number generator,
- providing a sequence number for each of the random numbers generated so as to
create a random number - sequence number pair,
- storing the created random number - sequence number pair in a storage means,

the method further comprising the step of, at a chosen time, verifying stored random
number - sequence number pairs, so as to ensure that every stored random number -
sequence number pair is an authentic random number - sequence number pair.

According to a second aspect of the present invention the above and other objects are
obtained by providing a secure and auditable on-line system comprising:

- a random number generator,
- means for providing a sequence number for each generated random number, so as to
create a random number - sequence number pair,
- storage means for storing the created random number - sequence number pair,
- verifying means for verifying, at a chosen time, stored random number - sequence
number pairs, so as to ensure that every stored random number - sequence number
pair is an authentic random number - sequence number pair.

An important feature of the present invention is the audit ability, a mechanism that verifies
all random number - sequence number pairs generated by the system. The random
number - sequence number pairs stored in the storage means are the basis for the audit
process, wherein a routine check can be made at a chosen time. By double-checking the
pairs the auditors can spot if an intruder is bypassing the random number generator in
order to select especially favourable sequence numbers.

In the present context the term "security" refers to techniques for ensuring that data
stored in the storage means cannot be unrightfully read or tampered with in any way, such
as selecting only certain data from a processing means or storage means, which are to be
sequentially or randomly distributed.

In the present context the term "audit ability" refers to the ability to maintain a record for
a system showing if the system has been invaded or illegally accessed and what operations
were performed during a given period of time. The audit process may be set up in a way
that a special audit trail means enables the administrators to monitor use of network
system.



In the present context the term "on-line" refers to a communication network, such as, but
not limited to the Internet, Wide Area Networks (WANs) and Local Area Networks (LANs).
Furthermore the term "on-line" refers to any network comprising a gaming platform and a
plurality of end user clients.

In the present context the term "sequence number" refers to any number being selected
from an array of numbers comprising a certain amount of numbers, which have been
evenly and sequentially lined up. The numbers may be selected from the group of, but not
limited to 10, 100, 1.000, 10.000, 100.000, 1.000.000, 10.000.000 or 100.000.000
numbers between any two numbers such as, but not limited to 0 and 1.

In the present context the term "verify" refers to a process, where actions or transactions
in a system are checked. The term may further refer to presence or absence of data in a
system and, if the data is present, then the verifying step may refer to whether the data
have been manipulated or not. The verification may be a manual or automatic process
performed routinely or randomly. A random number - sequence number pair is "authentic"
if the verifying step establishes that it was rightfully created and stored by the system, i.e.
it has not been tampered with, and it was not stored by a party which is not entitled to
create and store random number - sequence number pairs.

The storage means for storing the random number - sequence number pairs is preferably
an electronic storage means, such as a hard disc drive, a CD-ROM, a DVD disc, a floppy
disc, a magnetic tape, or any other suitable kind of data storage means.

The verifying step may be performed at at least substantially equal time intervals, such as
once or twice every day, every second day, every week, every month, every hour, etc. In
this embodiment the verifying step is performed as a routine action, where all stored
random number - sequence number pairs are verified as a precaution. However, it may
further be possible to perform the verifying step at a chosen time not falling within the
normal time for a routine action. This may, e.g., be desirable in case there is reason to
believe that some of the numbers have been tampered with, or that somebody has
unrightfully gained access to the stored numbers.

In a preferred embodiment the generated random number is a true random number, and
the random number generator is a true random number generator. In the present context
the term "true random number generator" refers to a device that generates true random
numbers, typically by sampling and processing a source of entropy outside the device. The
entropy source can, e.g., be a radioactive source, atmospheric noise from a radio or lava
lamps.

The storing step may be performed by storing the random number - sequence number pair
in a storage means with limited access. The term "limited access" may be interpreted as
meaning that only certain persons have access to the storage means. It may, e.g., be a
secure enclosed system; a so-called "black box" and/or it may comprise a locked
compartment.

Furthermore, the random number generator may have limited access. The storage means
and the random number generator may be positioned in the same limited access area (e.g.
the same "black box" or the same locked compartment) of the system. The limited access
area may further comprise a sequence number generator, so that the generation of the
random number, the generation of the sequence number, and the storing of the random
number - sequence number pair all take place within the limited access area, thereby
reducing the risk that any of the numbers may be tampered with, or that a
false/unauthentic random number - sequence number pair may be stored in the storage
means.

Access to the limited access area(s) may be obtained only by one or more authorised
persons, such as by two or more authorised persons. Each of the two or more authorised
persons may represent an authority, so that at least two authorities are represented when
access to the limited access area(s) is obtained. At least one of the authorised persons
may represent an operator, and at least one of the authorised persons may represent an
auditor. In this embodiment, at least one person representing the operator, and at least
one person representing some kind of auditing authority have to be present in order to
gain access to the limited access area(s). The person representing the operator may be a
person pointed out by or employed by the entity, which administers the on-line system for
management and supervision of the system. The person representing the auditor may be a
government official person supervising the operation of the on-line system, e.g. in order to
ensure that the system fulfils certain official requirements, e.g. in order to maintain public
trust in the system.



In a preferred embodiment of the present invention the security and audit ability are
obtained by a closed system, wherein the secure and closed system may be a so-called
"black box" unit. The "black box" may comprise the following components:

- A locked box,
- A random number generator,
- A sequence number generator, and
- Storage means

The "black box" can further be described as an environment hosting data storage means,
processors and generators and the "black box" may provide a physical barrier which only
authorized administrators and auditors have access to.

The method may further comprise the step of issuing a ticket comprising information
relating to the sequence number. This information may be the sequence number itself. The
ticket may be a token or a receipt to a user of the on-line system, and the ticket may
indicate the actions performed by the system on request from the user, such as the
generation of a code or an encryption or decryption key, a money transaction, or the
generation of a lottery ticket. Preferably, the ticket does not comprise the generated
random number. However, it may comprise information relating to the random number.
Thus, in case the on-line system is a ticket lottery, the random number determines
whether or not the ticket is a winning ticket, and such information may advantageously be
present on the ticket. For some purposes, however, the ticket may comprise the actual
random number.

In a preferred embodiment the on-line system is a lottery, and the issued ticket is a lottery
ticket. In this case the ticket may further comprise information relating to a
winning/no-winning category of the ticket. As mentioned above, this information may relate
to the generated random number.

In case the on-line system is a lottery, the step of issuing a ticket may be based upon the
random number and a probability table, in which case the method may further comprise
the step of updating the probability table in response to the issued ticket, so as to maintain
an at least substantially fixed winning/no-winning ratio. Thus, the on-line ticket lottery
functions as if it was a conventional ticket lottery in which all the tickets have been created
in advance. But in the on-line ticket lottery according to the present invention the tickets
have not been created in advance, but are created when they are drawn, i.e. when a user
requests a ticket.

In one embodiment of the present invention the on-line system is a code generation
system. According to this embodiment the random number - sequence number pair
represents a code for the protection of ID numbers or social security numbers in a
database. The database may contain personal information on individuals such as, but not
limited to health records, financial records or social records.

In another embodiment of the present invention the on-line system is an encryption
system. According to this embodiment the random number - sequence number pair
represents an encryption and/or a decryption key. It is a great advantage that such keys
may be created, stored and used in a secure and auditable manner, since this increases
the trust that the public may have in the system.

In yet another embodiment of the present invention the on-line system is a money
transfer system. It may be a cash point or a system to electronically transfer money from
one account to another. In this case it is ensured by the verifying step that only the right
persons transfer/withdraw money from a specific account.



The method may further comprise the step of alerting an operator in case the verifying
step results in the discovery of one or more non-authentic random number - sequence
number pairs. The alert may be in the form of a printed report indicating that something is
wrong, and that appropriate actions should therefore be taken. Alternatively or
additionally, the alert may be in the form of an electronic message, e.g. an e-mail sent to
an operator, or an electronic flag, or any other suitable kind of alert.

The step of generating a random number may be performed upon the request from a user.
Thus, a lottery ticket, a code, an encryption/decryption key, a money transfer, etc. is
created/performed on the request of a user. The user thereby initiates the operating steps
of the present invention.

The method may further comprise the step of receiving payment from a user. This is
particularly useful in case the on-line system is a system offering services, which the user
should pay for, e.g., a ticket lottery, a code generation system or an encryption system.
Preferably, the step of receiving payment is performed before the random number is
generated, thereby enabling the system to make sure that appropriate payment for the
service has been received before the service is provided. The payment step may, e.g. be
performed by the user delivering bank notes or coins to a paying machine. Alternatively or
additionally, the payment step may be performed by means of a card reader for credit
cards or cash cards (smart cards). Alternatively or additionally, the payment step may be
performed by means of an electronic money transfer, e.g. an account-to-account transfer,
or a transfer from an electronic wallet to an account.

The verifying step may comprise checking that a certain number of random numbers has
been generated. This is particularly useful when the on-line system is a ticket lottery. In
this case the certain number of random numbers corresponds to the number of possible
lottery tickets in the game. When all the tickets have been drawn, the game should, of
course, be closed.



The verifying step may comprise the steps of:

- checking whether a given random number - sequence number pair has previously been
stored in the storage means,
- marking said given random number - sequence number pair as a true pair in case it
has previously been stored in the storage means, and
- alerting an operator in case the given random number - sequence number pair has not
previously been stored in the storage means.

In this embodiment it is assumed that only authentic random number - sequence number
pairs have been stored in the storage means, and that all authentic random number -
sequence number pairs have been stored.

According to a third aspect of the present invention the above and other objects are
obtained by providing a device for obtaining security and audit ability in an on-line system,
the device comprising:

- a random number generator,
- means for providing a sequence number for each generated random number, so as to
create a random number - sequence number pair,
- storage means for storing the created random number - sequence number pair,
- verifying means for verifying, at a chosen time, stored random number - sequence
number pairs, so as to ensure that every stored random number - sequence number
pair is an authentic random number - sequence number pair,

the verifying means further comprising:

- means for checking whether a given random number - sequence number pair has
previously been stored in the storage means,
- means for marking said given random number - sequence number pair as a true pair in
case it has previously been stored in the storage means, and
- means for alerting an operator in case the given random number - sequence number
pair has not previously been stored in the storage means,

wherein the storage means and the random number generator have limited access.



EXAMPLES

Example 1

Generation of security in an on-line ticket lottery

Objectives

To reach audit ability in an on-line ticket lottery by attachment of a secure closed system
(a so-called "black box"), providing physical security for services relating to creation of the
tickets. The "black box" service is locked and can only be opened while "auditors" are
present. The "black box" will offer services that can be audited.

Methods

The Audit Process (AP) is based on audit ability, and is reached by attaching a "True
Random Number Generator" to a PC compatible machine in a locked box generating a true
random number and a sequence number. Every time the Gaming Platform (GP) gets a
request from a player it requests a true random number from the "black box". A random
number - sequence number pair is created, sent to the GP and saved in the "black box".
The audit process goes through every instant record in the GP database and compares the
random number - sequence number pair to the contents of the "black box".

Results

The audit ability of the system is reached by attaching a "True Random Number Generator"
to a PC compatible machine in a locked box that offers two services:

- Auditable True Random Number by use of a sequence number
- Approving the specific TRN for a specific winning category

To reach audit ability the "black box" will return a sequence number together with each
random number. This sequence number will be saved with the ticket. The Approving
service can then be used later to approve that the specific ticket (winning ticket) actually
got a random number that resulted in a winning.

Example 2

Generation of audit ability in an instant ticket lottery

Objectives

To strengthen security of an on-line ticket lottery, a process has been defined that will
periodically approve sold Instant Tickets according to rules specified by the lottery. The
security system should be a flexible process that can be run periodically and approve a
batch of tickets according to the secure services of a "black box".

Methods

Upon a request from the Gaming Platform (GP), a random number - sequence number pair
is created and saved in the "black box". A routine mechanism will start at predetermined
times like once or twice every day. If the system is being manipulated by an intruder, the
system will alert the administrators of the lottery. The Audit Process (AP) verifies that the
random number - sequence number pairs saved in a storage means also exist in the
"black box" and an alert is given if something does not match, like if there are gaps in the
sequence in the GP database. The AP also recalculates each instant ticket drawn from the
pool and verifies that it is according to the random number drawn. The security system
can also aid in pool management of the lottery by sending messages to the GP that all the
tickets in a pool have been sold and all the random number - sequence number pairs are
confirmed.



Results

One of the functions of the security mechanism is to double check at all times the
correctness of the winning selection according to the Lottery's pre-specified rules as well as
approving that the SecureTRNG is not generating more random numbers than are used by
the Instant Ticket Service. That could be the case if an intruder invades the system to get
a supposedly good "random" number and only buys tickets when he gets one. The Lottery
can specify the period (usually daily) and the prize categories that are checked. A default
setting orders checking of all but lowest price and no winning tickets. This will allow the
system to make sure that winning tickets, possibly generated by bypassing the
SecureTRNG, are spotted by the end of the day. Another function is comparison of all sequence
numbers in the database against all sequence numbers serviced by the "black box" to
avoid the possibility that a process can ask for a random number - sequence number pair
without paying for the ticket or only pay if the random number has a probability of winning
higher than even distribution.



BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will now be described in more detail by means of the accompanying
drawings in which:

Fig. 1 shows a block diagram describing how speed is generated in an on-line system
according to the present invention,

Fig. 2 shows a block diagram describing the overall audit process of an on-line system
according to the present invention,

Fig. 3 shows the features of the audit process of Fig. 2, and

Fig. 4 shows a manual take over process of an on-line system according to the present
invention.

DETAILED DESCRIPTION OF THE DRAWINGS

Fig. 1 describes the method of generating speed in a ticket lottery and how one or several
pools are managed during a lottery game. The process of the method is initiated by a
request from a customer. The customer accesses an instant lottery game through the
Internet, by placing an electronic request using, e.g., a PC compatible client or an
embedded POS Lottery device. The request is directed to the Gaming Platform (GP),
comprising a processing means including a probability table and storage means. The
probability table represents the current game and resembles unsold tickets in all existing
pools of the game. The GP handles the request by charging the customer for the ticket and
when the GP has received a confirmation that a payment has been made the GP requests a
true random number (TRN). Based on the current instant pool (i.e. the probability table),
and the random number, the GP calculates the category the ticket belongs to. The instant
pool is changed after generation of each ticket, according to the category (one less in that
particular category), by updating the probability table. The game transaction, including a
sequence number and the category to which the ticket belongs, is saved by the GP. The
platform is thereafter ready to service the next customer.

Based on criteria set by the Lottery, a minimal number of tickets in the lottery or in each
category are allowed. If these criteria are not met, a new pool or category may be added
into the lottery. If a new pool or category is added into the lottery, the probability table is
updated, and the platform is thereafter ready to service the next customer.

Fig. 2 describes the overall audit process of the system. The process is initiated by
selecting a sequence range, which covers all sequence numbers issued from the last time
[...] "black box" [...] pairs stored in the Gaming Platform
(GP). This process is described in detail in Fig. 3. If the pair is confirmed the GP marks the
[...] more pairs
stored in the GP. However, if the pair is not confirmed a report is printed alerting the
[...]

[...] unconfirmed pairs, a process
described in more detail in Fig. 3. If there are no unconfirmed pairs in the system the
[...] current status of the
[...] pairs exist in the "black box", but not in the GP, the audit process prints a report alerting
the administrators/auditors and appropriate actions are taken.

Fig. 3 describes the features 1-3 of the audit process provided by a secure closed
compartment, a so-called "black box", comprising processing means, a true random
number generator (TRNG) and storage means.

[...] random number (TRN) to the Gaming
[...] For each [...]
generated, a sequence number is generated from the processing means. By attaching the
[...] pair is created. The
[...] in order to reach
audit ability, and then returned to the GP. The audit process goes through every instant
[...]

The second feature 2 is the confirmation of the true random number - sequence number
pairs. The pairs stored in the GP are compared to the pairs stored in the "black box". If the
[...] the process continues
[...] for any reason, the system
prints [...] administrators/auditors and appropriate actions are taken.
When a pair is returned it is necessary to calculate the winning category specified on the
[...] it was done when
[...]

[...] ask for unconfirmed pairs
in the "black box" over a period that has already been confirmed (by use of the second
feature (Compare pairs)). If unconfirmed pairs remain in the system after the audit
process has been performed, the system prints a report alerting the
administrators/auditors, and appropriate actions are taken.

Rg. 4 describes the manual take over process, which Is initiated if an alert is sent to the 
auditors and administrators due to unconfirmed pairs in the system. 
If there are extra palr(s) in the BW Solutions the auditors need to analyse matters such as 
but not limited to: ' 
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Have new versions of Betware Solutions been deployed? 

Have the administrators accessed the system during the period that is being audited, 
and If so what were their actions 

- The journal logs can be viewed in order to verify that the original records have not 
been tampered with or changed manually 

- Have hackers accessed the system during the period being audited and if so what were 
15 their actions 

If there are extra pairs in the "black box", the auditors need to analyse matters such as,
but not limited to:

- Have new versions of Betware Solutions been deployed?

- Have hackers accessed the system during the period being audited and if so what were
their actions?

- Analyse who has access to get service of the "black box"

- Are pairs missing due to failure in the processes that have confirmed new random
number - sequence number pairs, but did not finish the transactions? (This can be normal if
two phase commit is not supported between BW Solutions and the "black box".)

Based on what the auditors, and security experts if needed, may find to be the reason for
the alert, necessary arrangements need to be made. These may involve alerting
authorities or solving internal problems.
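
The reconciliation described above (compare the pairs on both sides, mark the matching ones as confirmed, then report what is left over in BW Solutions or in the "black box") can be sketched as follows. This is an added example, not code from the patent or from Betware; the `BlackBox` class, the `compare_pairs` function, the separate "mismatched" category and the sample pairs are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class BlackBox:
    """Limited-access store: sequence number -> random number, plus confirmations."""
    pairs: dict = field(default_factory=dict)
    confirmed: set = field(default_factory=set)


def compare_pairs(app_pairs: dict, box: BlackBox) -> dict:
    """Reconcile the pairs held by the application with those in the black box."""
    report = {"confirmed": [], "extra_in_app": [], "mismatched": []}
    for seq, rnd in sorted(app_pairs.items()):
        if seq not in box.pairs:
            report["extra_in_app"].append(seq)   # never stored by the black box
        elif box.pairs[seq] != rnd:
            report["mismatched"].append(seq)     # stored, but the random number differs
        else:
            box.confirmed.add(seq)               # mark as a true pair
            report["confirmed"].append(seq)
    # Pairs the black box issued that the application never confirmed,
    # e.g. a transaction that did not finish.
    report["unconfirmed_in_box"] = sorted(set(box.pairs) - box.confirmed)
    # Any leftover on either side is what triggers the report to the auditors.
    report["alert"] = any(
        report[k] for k in ("extra_in_app", "mismatched", "unconfirmed_in_box")
    )
    return report


# Constructed sample data (not from the patent): sequence number -> random number.
SAMPLE_BOX = {1: "9f2c", 2: "03ab", 3: "77e0", 4: "c41d"}
SAMPLE_APP = {1: "9f2c", 2: "03ab", 3: "0000", 5: "beef"}


def run_sample_audit() -> dict:
    """Run the comparison on a fresh copy of the constructed black box."""
    return compare_pairs(SAMPLE_APP, BlackBox(pairs=dict(SAMPLE_BOX)))


if __name__ == "__main__":
    for key, value in run_sample_audit().items():
        print(f"{key}: {value}")
```

In the sample, pair 5 exists only on the application side, pair 4 only in the "black box", and pair 3 carries a different random number on each side, so it is reported both as mismatched and as unconfirmed.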

CLAIMS

1. A method of obtaining security and audit ability in an on-line system, the method
comprising the steps of:

- generating a random number by means of a random number generator,

- providing a sequence number for each of the random numbers generated so as to
create a random number - sequence number pair,

- storing the created random number - sequence number pair in a storage means, 

the method further comprising the step of, at a chosen time, verifying stored random 
number - sequence number pairs, so as to ensure that every stored random number - 
sequence number pair is an authentic random number - sequence number pair. 

2. A method according to claim 1, wherein the verifying step is performed at at least
substantially equal time intervals.

3. A method according to claim 1 or 2, wherein the generated random number is a true
random number, the random number generator being a true random number generator.

4. A method according to any of claims 1-3, wherein the storing step is performed by
storing the random number - sequence number pair in a storage means with limited
access.

5. A method according to any of claims 1-4, wherein the random number generator has
limited access.

6. A method according to claim 4 or 5, wherein access to the limited access area(s) can
only be obtained by one or more authorised persons.

7. A method according to claim 6, wherein access to the limited access area(s) can only be
obtained by two or more authorised persons.

8. A method according to claim 7, wherein the two or more authorised persons each
represent an authority, so that at least two authorities are represented when access to
the limited access area(s) is obtained.

9. A method according to claim 8, wherein at least one of the authorised persons 
represents an operator, and at least one of the authorised persons represents an auditor. 

10. A method according to any of claims 1-9, further comprising the step of issuing a ticket
comprising information relating to the sequence number.

11. A method according to claim 10, wherein the on-line system is a lottery, and the
issued ticket is a lottery ticket.

12. A method according to claim 11, wherein the ticket further comprises information
relating to a winning/no winning category of the ticket.

13. A method according to claim 11 or 12, wherein the step of issuing a ticket is based
upon the random number and a probability table, the method further comprising the step
of updating the probability table in response to the issued ticket, so as to maintain an at
least substantially fixed winning/no winning ratio.

14. A method according to any of claims 1-10, wherein the on-line system is a code
generation system.

15. A method according to any of claims 1-10, wherein the on-line system is an encryption
system.

16. A method according to any of claims 1-10, wherein the on-line system is a money
transfer system. 

17. A method according to any of claims 1-16, further comprising the step of alerting an 
operator in case the verifying step results in the discovery of one or more non-authentic 
random number - sequence number pairs. 

18. A method according to any of claims 1-17, wherein the step of generating a random 
number is performed upon the request from a user. 

19. A method according to any of claims 1-18, further comprising the step of receiving 
payment from a user. 

20. A method according to any of claims 1-19, wherein the verifying step comprises 
checking that a certain number of random numbers has been generated. 

21. A method according to any of claims 1-20, wherein the verifying step comprises the 
steps of: 

- checking whether a given random number - sequence number pair has previously been
stored in the storage means,

- marking said given random number - sequence number pair as a true pair in case it
has previously been stored in the storage means, and

- alerting an operator in case the given random number - sequence number pair has not
previously been stored in the storage means.

22. A secure and auditable on-line system comprising:

- a random number generator,

- means for providing a sequence number for each generated random number, so as to
create a random number - sequence number pair,

- storage means for storing the created random number - sequence number pair,

- verifying means for verifying, at a chosen time, stored random number - sequence
number pairs, so as to ensure that every stored random number - sequence number
pair is an authentic random number - sequence number pair.

23. An on-line system according to claim 23, wherein the verifying means is adapted to
perform verification at at least substantially equal time intervals.

24. An on-line system according to claim 23 or 24, wherein the random number generator
is a true random number generator.

25. An on-line system according to any of claims 23-25, wherein the storage means has
limited access. 

26. An on-line system according to any of claims 23-26, wherein the random number 
generator has limited access. 

27. An on-line system according to claim 26 or 27, wherein access to the limited access
area(s) can only be obtained by one or more authorised persons.

28. An on-line system according to claim 28, wherein access to the limited access area(s)
can only be obtained by two or more authorised persons.

29. An on-line system according to claim 29, wherein the two or more authorised persons
each represents an authority, so that at least two authorities are represented when access
to the limited access area(s) is obtained.

30. An on-line system according to claim 30, wherein at least one of the authorised
persons represents an operator, and at least one of the authorised persons represents an
auditor.

31. An on-line system according to any of claims 23-31, further comprising means for
issuing a ticket comprising information relating to the sequence number.

32. An on-line system according to claim 32, wherein the on-line system is a lottery, and
the issued ticket is a lottery ticket.

33. An on-line system according to claim 33, wherein the ticket further comprises
information relating to a winning/no winning category of the ticket.

34. An on-line system according to claim 33 or 34, wherein the ticket is issued based upon
the random number and a probability table, the on-line system further comprising means
for updating the probability table in response to the issued ticket, so as to maintain an at
least substantially fixed winning/no winning ratio.

35. An on-line system according to any of claims 23-32, wherein the on-line system is a
code generation system. 

36. An on-line system according to any of claims 23-32, wherein the on-line system is an 
encryption system. 

37. An on-line system according to any of claims 23-32, wherein the on-line system is a
money transfer system.

38. An on-line system according to any of claims 23-38, further comprising means for
alerting an operator in case the verification results in the discovery of one or more
non-authentic random number - sequence number pairs.

39. An on-line system according to any of claims 23-39, wherein the random number
generator is adapted to provide a random number in response to a request from a user.

40. An on-line system according to any of claims 23-40, further comprising means for
receiving payment from a user.

41. An on-line system according to any of claims 23-41, wherein the verifying means is
adapted to checking that a certain number of random numbers has been generated.

42. An on-line system according to any of claims 23-42, wherein the verifying means
further comprises:

- means for checking whether a given random number - sequence number pair has
previously been stored in the storage means,

- means for marking said given random number - sequence number pair as a true pair in
case it has previously been stored in the storage means, and

- means for alerting an operator in case the given random number - sequence number
pair has not previously been stored in the storage means.

43. A device for providing security and audit ability in an online system, the device
comprising:

- a random number generator,

- means for providing a sequence number for each generated random number, so as to
create a random number - sequence number pair,

- storage means for storing the created random number - sequence number pair,

- verifying means for verifying, at a chosen time, stored random number - sequence
number pairs, so as to ensure that every stored random number - sequence number
pair is an authentic random number - sequence number pair,

the verifying means further comprising:

- means for checking whether a given random number - sequence number pair has
previously been stored in the storage means,

- means for marking said given random number - sequence number pair as a true pair in
case it has previously been stored in the storage means, and

- means for alerting an operator in case the given random number - sequence number
pair has not previously been stored in the storage means.

Wherein the storage means and the random number generator have limited access.

ABSTRACT

The present invention provides a method, a system and a device for obtaining security and
audit ability in an on-line system. The system is a closed system and only auditors and/or
authorities have access to the system. By means of a random number generator and a
processing means a random number - sequence number pair is generated and stored in a
storage means. By verifying stored random number - sequence number pairs, every stored
random number - sequence number pair can be authenticated.